J-Security Center

Title: Multiple Vendor BIND iquery buffer overflow Vulnerability

Severity: MODERATE

Description:

A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium (ISC). BIND fails to properly bound the data recieved when processing an inverse query. Upon a memory copy, portions of the program can be overwritten, and arbitrary commands run on the affected host.

Exploits for this vulnerability are very widespread, and were posted to the Bugtraq mailing list.

Affected Products:

  • BSDI BSD/OS 2.0.0
  • BSDI BSD/OS 2.0.1
  • BSDI BSD/OS 2.1.0
  • Caldera OpenLinux Standard 1.0.0
  • Data General DG/UX 5.4 3.0.0
  • Data General DG/UX 5.4 3.1.0
  • Data General DG/UX 5.4 4.1.0
  • Data General DG/UX 5.4 4.11.0
  • IBM AIX 4.1.0
  • IBM AIX 4.1.1
  • IBM AIX 4.1.2
  • IBM AIX 4.1.3
  • IBM AIX 4.1.4
  • IBM AIX 4.1.5
  • IBM AIX 4.2.0
  • IBM AIX 4.2.1
  • IBM AIX 4.3.0
  • ISC BIND 4.9.6
  • ISC BIND 8.1.0
  • ISC BIND 8.1.1
  • NEC UX/4800 (64)
  • NetBSD NetBSD 1.0.0
  • NetBSD NetBSD 1.1.0
  • NetBSD NetBSD 1.2.0
  • NetBSD NetBSD 1.2.1
  • NetBSD NetBSD 1.3.0
  • NetBSD NetBSD 1.3.1
  • RedHat Linux 4.0.0
  • RedHat Linux 4.1.0
  • RedHat Linux 4.2.0
  • RedHat Linux 5.0.0
  • SCO Open Desktop 3.0.0
  • SCO Open Server 5.0.0
  • SCO Unixware 2.1.0
  • SCO Unixware 7.0.0
  • SGI IRIX 3.2.0
  • SGI IRIX 3.3.0
  • SGI IRIX 3.3.1
  • SGI IRIX 3.3.2
  • SGI IRIX 3.3.3
  • SGI IRIX 4.0.0
  • SGI IRIX 4.0.1
  • SGI IRIX 4.0.1 T
  • SGI IRIX 4.0.2
  • SGI IRIX 4.0.3
  • SGI IRIX 4.0.4
  • SGI IRIX 4.0.4 B
  • SGI IRIX 4.0.4 T
  • SGI IRIX 4.0.5
  • SGI IRIX 4.0.5 (IOP)
  • SGI IRIX 4.0.5 A
  • SGI IRIX 4.0.5 D
  • SGI IRIX 4.0.5 E
  • SGI IRIX 4.0.5 F
  • SGI IRIX 4.0.5 G
  • SGI IRIX 4.0.5 H
  • SGI IRIX 4.0.5 IPR
  • SGI IRIX 5.0.0
  • SGI IRIX 5.0.1
  • SGI IRIX 5.1.0
  • SGI IRIX 5.1.1
  • SGI IRIX 5.2.0
  • SGI IRIX 5.3.0
  • SGI IRIX 5.3.0 XFS
  • SGI IRIX 6.0.0
  • SGI IRIX 6.0.1
  • SGI IRIX 6.0.1 XFS
  • SGI IRIX 6.1.0
  • SGI IRIX 6.2.0
  • SGI IRIX 6.3.0
  • Sun Solaris 2.3.0
  • Sun Solaris 2.4.0
  • Sun Solaris 2.5.0
  • Sun Solaris 2.5.0_x86
  • Sun Solaris 2.5.1
  • Sun Solaris 2.5.1_ppc
  • Sun Solaris 2.5.1_x86
  • Sun Solaris 2.6
  • Sun Solaris 2.6_x86

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.